-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cli: Add --json support to --check #472
Conversation
This will let higher level tools (Plasma Discover for example) more easily read the output of `bootc update --check --json`. Signed-off-by: Timothée Ravier <tim@siosm.fr>
db73ad3
to
87d2ba4
Compare
The original idea here is that the result of |
Thanks for pointing that. Will have to give |
However, right now we don't expose the diff in the status. I think it would likely make sense to do that. There's a bit of a messy thing here as we would need to probably change Also this relates to ostreedev/ostree-rs-ext#618 in that in the end we'd need to create a new |
If I understand correctly, looking at ostreedev/ostree-rs-ext#618, all manifest diff operations cache the result in the repo, thus we need this to run as root with a writable But does bootc offer an unprivileged path right now? (for usage by GNOME Software/Plasma Discover for example)
|
No. Historically the polkit/unprivileged stuff in both rpm-ostree and things like PackageKit are big, complex beasts that add a lot of security-sensitive code paths. My thinking here is that for now such a thing is probably best as a separate project on top of bootc. Or maybe we could add it as an optionally-installed secondary component here. One thing I would say on this is that I also think many of the same concerns should apply to "workload" containers such as podman; ideally we share code there. Access to the podman (and docker) remote API is equivalent to root in practice right now, note. It may make sense to have a single component which can initiate upgrades for bootc as well as wrap e.g. https://docs.podman.io/en/latest/markdown/podman-auto-update.1.html (i.e. no ability to change system state, just do updates) |
Creating a small daemon with a very limited, unprivileged DBus API would make sense. For GNOME Software/Plasma Discover, we mostly need "check for update" & "update" commands. And maybe something for "rebase/switch", but it would be hard to make this one unprivileged. |
Might be needed to coordinate with the dnf team here. They already have a DBus daemon that does (a larger super set of) that. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
However, right now we don't expose the diff in the status.
This is what we should do.
chunking: Deduplicate the config history for each layer
I believe #472 (comment) covers this, please reopen if anyone disagrees. |
#932 tracks the diff |
This will let higher level tools (Plasma Discover for example) more easily read the output of
bootc update --check --json
.Needs ostreedev/ostree-rs-ext#618